The Trusted Platform Module (TPM) chip, as defined by the Trusted Computing Group standard, is a hardware device typically installed as part of a computing device such as a laptop or desktop PC (and potentially in devices such as cell phones and PDAs). Current implementations of the TPM architecture assume a physical binding between the TPM chip and a single hardware platform. The TPM chip is typically installed as part of a system (e.g. a chip on the PCI bus) and is used to provide trusted information on the identity and internal state of the device, in order to validate the current hardware and software and to store cryptographic secrets and identities. The TPM chip facilitates verification of the integrity of the software and hardware by supporting measurement functions. This is expected to increase the ability to defend against viruses and other security attacks and to verify that the installed software has not been modified. The TPM chip in personal computers (laptops, desktop PCs) is already on the market and its use is increasing rapidly. Moreover, security systems utilizing TPM functionality are beginning to be deployed for applications which require enhanced levels of data security, such as medical record handling. The most common implementation of a TPM is a chip physically attached to the motherboard of a computer. The TPM functionality is accessed by software through a well-defined command set and application programming interface (API). Through this command set, the TPM chip provides cryptographic functionality such as encryption, signing, key generation and random number generation. The TPM chip can also store a limited amount of information, such as keys, in a non-volatile, protected memory space.
Additionally, the TPM chip contains a set of extensible Platform Configuration Registers (PCRs). PCRs are used to store measurements of the current status of the platform and its software. PCRs are reset to their preset values when the system powers up and/or when the system powers off, and can only be extended, never directly modified. Any changes made to the PCRs after initialization are made in separate, cryptographically protected areas. A sequence of measurements of the system hardware configuration and software is performed to build up a chain of trusted components and modules. For example, the boot loader, the BIOS, the operating system and the applications can be measured as part of this chain of trust. The measurements to be stored in the PCRs are performed by each module (parent) before handing off control to the successor components (children). The first measuring entity of the platform is trusted by default, as it is not previously measured by any other entity. This early measuring entity is called the Core Root of Trust (CRT) for measurement. For security, the CRT may be stored inside the TPM chip itself. After the first measurement by the CRT, all software entities launched are expected to continue the chain of trust by extending the PCRs before launching any other software. Each measurement is recorded and can be cryptographically verified by a verification party using the PCRs. The action of sending these measurements to a verification party for verification is called attestation.
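The extend-only behaviour of a PCR, the chain of measurements and the verifier's side of attestation described above can be illustrated with a small simulation. The following Python is an added example written for this page; it is not code from the original text or from any TCG specification or TPM implementation. It assumes a single SHA-256 PCR bank (TPM 1.2 PCRs are 20-byte SHA-1 values, but the extend rule has the same shape), assumes that the reported PCR value reaches the verifier authenticated (for instance inside a TPM quote, which is not modelled here), and uses constructed byte strings as stand-ins for the firmware, boot loader, kernel and application images.

```python
import hashlib

# Assumption for this example: one SHA-256 PCR bank, so digests are 32 bytes.
DIGEST_LEN = 32
PRESET_PCR = b"\x00" * DIGEST_LEN  # value a resettable PCR holds after power-up


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """The only way a PCR changes: new = H(old || measurement). There is no direct write,
    so a value can only be reached by replaying the exact sequence of extends."""
    if len(pcr) != DIGEST_LEN or len(measurement) != DIGEST_LEN:
        raise ValueError("PCR and measurement must be one digest long")
    return hashlib.sha256(pcr + measurement).digest()


def measure(component: bytes) -> bytes:
    """Digest of a component's code, computed by its parent before handing off control."""
    return hashlib.sha256(component).digest()


def boot_and_measure(chain):
    """Simulate the chain of trust: each stage measures its successor and extends the PCR
    before launching it. `chain` is a list of (name, code_bytes). Returns the final PCR
    value and the event log that the platform sends to the verifier along with it."""
    pcr = PRESET_PCR
    event_log = []
    for name, code in chain:
        digest = measure(code)
        pcr = pcr_extend(pcr, digest)      # extend first ...
        event_log.append((name, digest))   # ... record what was measured ...
        # ... then control would pass to `code` (not executed in this simulation)
    return pcr, event_log


def verify_attestation(quoted_pcr, event_log, reference_digests):
    """Verifier side of attestation, as two independent checks:
      1. Replaying the event log from the preset value must reproduce the PCR value the
         platform reported (assumed here to arrive authenticated, e.g. in a TPM quote).
      2. Every logged measurement must equal the verifier's trusted reference digest for
         that component; the log only explains the PCR, it does not vouch for the code."""
    replayed = PRESET_PCR
    for _, digest in event_log:
        replayed = pcr_extend(replayed, digest)
    if replayed != quoted_pcr:
        return False, "event log does not reproduce the reported PCR value"
    for name, digest in event_log:
        if reference_digests.get(name) != digest:
            return False, f"component {name!r} does not match its reference measurement"
    return True, "platform state matches reference"


# Constructed sample components (stand-ins for real firmware and software images).
GOOD_CHAIN = [
    ("bios",        b"bios firmware image"),
    ("boot_loader", b"boot loader v1 code"),
    ("os_kernel",   b"kernel image"),
    ("application", b"medical records application"),
]
# Reference ("golden") digests the verifier trusts, obtained out of band.
REFERENCE = {name: measure(code) for name, code in GOOD_CHAIN}


if __name__ == "__main__":
    pcr, log = boot_and_measure(GOOD_CHAIN)
    print(verify_attestation(pcr, log, REFERENCE))

    # A modified kernel yields a different measurement, hence a different PCR value;
    # an honest log still replays, but fails the reference comparison.
    tampered = [(n, c if n != "os_kernel" else b"kernel image (modified)")
                for n, c in GOOD_CHAIN]
    pcr_t, log_t = boot_and_measure(tampered)
    print(verify_attestation(pcr_t, log_t, REFERENCE))
```

Two properties of the extend operation are worth noting from the simulation: the order of measurements matters, because H(H(p || a) || b) differs from H(H(p || b) || a), so the PCR fixes the whole boot sequence and not just the set of components; and a platform cannot present a clean event log for a modified boot, because the log would no longer replay to the PCR value the TPM reports.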
The Trusted Computing Group (TCG) has defined open standards for hardware-based system security. The specifications provided by the TCG center around the TPM chip and its functionality. More specifically, the TCG bases its standards on the TPM chip as the hardware root of trust. In addition, the TCG has defined standards for a Trusted Software Stack (TSS) that defines an application programming interface (API) to the TPM commands and greatly facilitates the development of applications that use TPM functionality. While the TCG's standard is based on a physical TPM chip, some work has been done with software-based TPM emulators. A software-based TPM emulator mimics the behavior of a real TPM chip as seen from the TPM driver interface. These software-based TPM emulators are typically installed and executed on the same device that runs the application needing the TPM functionality they provide.